| 摘要 |
<P>PROBLEM TO BE SOLVED: To provide a hash generation method which has differential attack resistance and can be implemented in a device having a limited memory capacity. <P>SOLUTION: A hash value generation device divides a message into message blocks and executes block cipher processing on each message block to calculate a hash value, and includes: a storage unit storing an initial value therein; and an arithmetic unit which executes a function f<SB POS="POST">k</SB>for calculating a key constant K and a function f<SB POS="POST">R</SB>for calculating output data and stores the output data in the storage unit and combines the output data to calculate a hash value. The function f<SB POS="POST">R</SB>includes a function F<SB POS="POST">R</SB>being a composite function of a nonlinear function γ which includes a cyclic shift of a bit string having an m-bit width and an arithmetic addition to add two bit strings and calculates 4m-bit output data for 4m-bit input data, and a linear function θ which includes a cyclic shift of a bit string having a 2m-bit width and an exclusive OR of two bit strings and calculates 4m-bit output data for 4m-bit input data. <P>COPYRIGHT: (C)2013,JPO&INPIT |
